This invention relates generally to wireless communications, and specifically to a method and system for establishing a one-to-one secure communication correspondence between a mobile device and a Bluetooth headset.
Bluetooth™ is an industrial specification standard for wireless communications in a personal area network. The Bluetooth standard enables communication between devices such as laptops, mobile phones, Bluetooth-enabled headsets, digital cameras, etc., using short-range radio frequency.
For reasons of security, authentication is required prior to connecting a Bluetooth-enabled mobile device to a Bluetooth headset. A personal identification number (PIN) may be used for establishing a secure communication correspondence between the headset and the mobile device. For example, commercially available Bluetooth headsets today are assigned fixed PINs during manufacture. The communicating mobile devices typically employ such fixed PINs to establish secure communication with the headsets. Bluetooth security is based on the generation of security keys using a PIN code. In most Bluetooth devices, “0000” is the PIN commonly assigned by the manufacturer of the Bluetooth device.
If an attacker can discover a Bluetooth device, the attacker may be able to send unsolicited messages or abuse the Bluetooth service. An attacker may also be able to find a way to access or corrupt the data. One example of this type of activity is “bluesnarfing”, which refers to attackers using a Bluetooth connection to steal information from a Bluetooth device. Viruses and other malicious code can also take advantage of Bluetooth technology to infect other devices. If the Bluetooth device is infected, the data may be corrupted, compromised, stolen, or lost.
Many Bluetooth headset-related security issues arise due to the well-known fixed PIN associated with the Bluetooth headset. Ideally, the manufacturers of Bluetooth headsets would prefer to have different PINs assigned to different headsets during manufacturing. However, it is not efficient from a manufacturing and assembly perspective to provide a unique PIN to each device. Providing an additional human-machine interface on the headsets to configure the PIN may also not be a cost-effective solution.
Therefore, there is a need for a method and system that is capable of establishing a one-to-one secure communication correspondence between a mobile device and a Bluetooth headset and that enables device-specific PINs.